Avoiding the Overwhelm of Nation States
10-7-2024 (Monday)
Hello and welcome to The Intentional Brief - your weekly video update on the one big thing in cybersecurity for growth stage companies, investors, and management teams.
I’m your host, Shay Colson, Managing Partner at Intentional Cybersecurity, and you can find us online at intentionalcyber.com.
Today is Monday, October 7, 2024, and while we’re dealing with the impact of Hurricane Helene, and staring down a building storm in Hurricane Milton, we’re also dealing with the digital equivalents of something Microsoft is calling “Salt Typhoon.”
What is that and why does it matter to us? Let’s dig in.
Avoiding the Overwhelm of Nation States
This week, the Wall Street Journal broke an exclusive with the news of yet another Chinese espionage operation, this one purporting to have “penetrated the networks of a swath of U.S. broadband providers, potentially accessing information from systems the federal government uses for court-authorized network wiretapping requests.”
The Journal notes that “For months or longer, the hackers might have held access to network infrastructure used to cooperate with lawful U.S. requests for communications data, according to people familiar with the matter, which amounts to a major national security risk. The attackers also had access to other tranches of more generic internet traffic, they said.”
Other reports frame this effort as “a position within the service provider network [that] would offer valuable reconnaissance for how to further target high-value marks working for the federal government, law enforcement, manufacturers, military contractors, and Fortune 100 companies.”
The group, “dubbed ‘Salt Typhoon,’ had access to this trove for months – or longer – penetrating the networks of Verizon, AT&T, Lumen Technologies, and other companies.” The naming follows Microsoft’s convention of a descriptor plus a weather term, where “Typhoon” designates Chinese actors.
The hacking operation is said to have been discovered in recent weeks. It involved a “vast collection of internet traffic” from major providers who service “businesses large and small, and millions of Americans,” the Journal says. It may also have involved a small number of providers outside the U.S.
The details get even more grim with assertions that “The surveillance systems believed to be at issue are used to cooperate with requests for domestic information related to criminal and national security investigations.”
This really ups the stakes, with Politico quoting Sygnia CEO Ram Elboim: “Compromising ISPs’ wiretaps is probably one of the most complicated and bold cyber operations a nation-state actor can execute. It deals with extremely sensitive data and touches on both law enforcement and potential intelligence data.”
Some are suggesting that since the FBI runs many of these wiretapping operations, this is a counter-counterintelligence operation, where “The Chinese are probably looking to close the gaps in their operations in the U.S.,” according to James Lewis of the Center for Strategic and International Studies.
So - while this is certainly an attention-grabbing headline, and a juicy digital cloak-and-dagger story, it does raise the “So what?” question for those of us here in the Small and Medium Enterprise space.
It’s tempting to use this as a case against backdoor capabilities, and with some good justification. That said, this is something telcos are required to provide by Federal Law, and the technical details of implementing such a service - especially given the scale of these requests in a post-9/11 world - mean that corners will be cut.
But - we don’t have a choice but to use these major telecoms, even if indirectly. Our data typically transits these pipes, even if our on-ramps and off-ramps are provided by others. That’s the way the Internet and its backbones work.
So, instead, I think this is potentially a useful scenario to talk through with an “assume breach” mentality for certain businesses. Is there an opportunity for end-to-end encryption here? Are there additional steps around authentication and validation that we need to put into place if we have data transiting an untrusted channel?
At the end of the day, however, there’s a larger game being played in which we’re largely unwilling (and sometimes unwitting) participants. I would see this as yet another reminder to control the things you can control, and build towards resilience - where a compromise of one part of your operations won’t mean it all grinds to a halt.
Fundraising
From a fundraising perspective, we followed up a great last week of Q3 with another great week to kick off Q4, with nearly $29B in newly committed capital, including:
- LGT Capital Partners, owned by Liechtenstein's royal family, posting over $7B for its sixth global PE secondaries fund; and
- Summit Partners raising $9.5B for its 12th flagship U.S. growth equity fund.
With that, a reminder that you can find links to all the articles we covered below, find back issues of these videos and the written transcripts at intentionalcyber.com, and we’ll see you next week for another edition of the Intentional Brief.
Links
https://www.wsj.com/tech/cybersecurity/u-s-wiretap-systems-targeted-in-china-linked-hack-327fc63b
https://www.darkreading.com/cyberattacks-data-breaches/chinas-salt-typhoon-cyberattacks-us-isps
https://www.politico.com/newsletters/weekly-cybersecurity/2024/10/07/salt-in-the-wound-00182666